Showing results for 
Search instead for 
Did you mean: 

ISE 1.2 patch 4 not retrieving groups

Level 1
Level 1

Since the update to ISE 1.2 patch 4 it isn't possible anymore to retrieve groups or attributes from the active directory. It keeps loading.

Anyone else experiencing this issue?           



7 Replies 7

Naresh Ginjupalli
Cisco Employee
Cisco Employee

Hi Jeroen,

This is the only defect CSCuj95908 that is addressed in ISE 1.2 patch 4 from AD component. Is the patch successfully installed on the ISE node.

If possible can you try retrieving the groups & attributes by removing the Patch 4.

On my ISE node I am able to successfully retrieve the groups & attributes with ISE 1.2 patch 4.

Ok, that bug will probably be resolved soon.

I couldn't find the open caveats in the release notes

The issue you are referring to is documented in the following CDETS:

CSCul84544: Retrieval of AD groups or attributes is failing

This is not yet resolved. May be resolved in a future patch

The workaround given in the CDETS is

Fix the DNS server so that the reverse DNS lookup matches

I believe there are other steps that can be taken to mitigate this but would need intervention from TAC

Hi Jrabinow/JEROEN

i will install patch 4 , is it just the ISE can't retrieve new groups ? do users still authenticate against existing groups and

corresponding policies ?

Patch 4 will not resolve this. Fix will be in a future patch.

Issue impacts retrieval of groups from the GUI only (I corrected CDETS title to reflect this). Users are still able to authenticate against existing groups and corresponding policies

Patch 5 doesn't resolve this either.

This is not part of patch 5. Will be resolved in a 1.2 maintenance release called 1.2.1 that should be available some time in March.

in the interim I think there are a few options:

- manually enter group names

- contact TAC and quote the CDETS. There are some well understood workarounds that TAC can help you configure